-
Notifications
You must be signed in to change notification settings - Fork 188
/
vault_spec_arm_types_gen.go
422 lines (352 loc) · 19.6 KB
/
vault_spec_arm_types_gen.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
// Code generated by azure-service-operator-codegen. DO NOT EDIT.
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT license.
package v1api20230701
import "github.com/Azure/azure-service-operator/v2/pkg/genruntime"
type Vault_Spec_ARM struct {
// Location: The supported Azure location where the key vault should be created.
Location *string `json:"location,omitempty"`
Name string `json:"name,omitempty"`
// Properties: Properties of the vault
Properties *VaultProperties_ARM `json:"properties,omitempty"`
// Tags: The tags that will be assigned to the key vault.
Tags map[string]string `json:"tags,omitempty"`
}
var _ genruntime.ARMResourceSpec = &Vault_Spec_ARM{}
// GetAPIVersion returns the ARM API version of the resource. This is always "2023-07-01"
func (vault Vault_Spec_ARM) GetAPIVersion() string {
return string(APIVersion_Value)
}
// GetName returns the Name of the resource
func (vault *Vault_Spec_ARM) GetName() string {
return vault.Name
}
// GetType returns the ARM Type of the resource. This is always "Microsoft.KeyVault/vaults"
func (vault *Vault_Spec_ARM) GetType() string {
return "Microsoft.KeyVault/vaults"
}
// Properties of the vault
type VaultProperties_ARM struct {
// AccessPolicies: An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use
// the same tenant ID as the key vault's tenant ID. When `createMode` is set to `recover`, access policies are not
// required. Otherwise, access policies are required.
AccessPolicies []AccessPolicyEntry_ARM `json:"accessPolicies,omitempty"`
// CreateMode: The vault's create mode to indicate whether the vault need to be recovered or not.
CreateMode *VaultProperties_CreateMode `json:"createMode,omitempty"`
// EnablePurgeProtection: Property specifying whether protection against purge is enabled for this vault. Setting this
// property to true activates protection against purge for this vault and its content - only the Key Vault service may
// initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this
// functionality is irreversible - that is, the property does not accept false as its value.
EnablePurgeProtection *bool `json:"enablePurgeProtection,omitempty"`
// EnableRbacAuthorization: Property that controls how data actions are authorized. When true, the key vault will use Role
// Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties
// will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy
// stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value
// of false. Note that management actions are always authorized with RBAC.
EnableRbacAuthorization *bool `json:"enableRbacAuthorization,omitempty"`
// EnableSoftDelete: Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not
// set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it
// cannot be reverted to false.
EnableSoftDelete *bool `json:"enableSoftDelete,omitempty"`
// EnabledForDeployment: Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored
// as secrets from the key vault.
EnabledForDeployment *bool `json:"enabledForDeployment,omitempty"`
// EnabledForDiskEncryption: Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the
// vault and unwrap keys.
EnabledForDiskEncryption *bool `json:"enabledForDiskEncryption,omitempty"`
// EnabledForTemplateDeployment: Property to specify whether Azure Resource Manager is permitted to retrieve secrets from
// the key vault.
EnabledForTemplateDeployment *bool `json:"enabledForTemplateDeployment,omitempty"`
// NetworkAcls: Rules governing the accessibility of the key vault from specific network locations.
NetworkAcls *NetworkRuleSet_ARM `json:"networkAcls,omitempty"`
// ProvisioningState: Provisioning state of the vault.
ProvisioningState *VaultProperties_ProvisioningState `json:"provisioningState,omitempty"`
// PublicNetworkAccess: Property to specify whether the vault will accept traffic from public internet. If set to
// 'disabled' all traffic except private endpoint traffic and that that originates from trusted services will be blocked.
// This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the
// rules.
PublicNetworkAccess *string `json:"publicNetworkAccess,omitempty"`
// Sku: SKU details
Sku *Sku_ARM `json:"sku,omitempty"`
// SoftDeleteRetentionInDays: softDelete data retention days. It accepts >=7 and <=90.
SoftDeleteRetentionInDays *int `json:"softDeleteRetentionInDays,omitempty"`
// TenantId: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
TenantId *string `json:"tenantId,omitempty" optionalConfigMapPair:"TenantId"`
// VaultUri: The URI of the vault for performing operations on keys and secrets.
VaultUri *string `json:"vaultUri,omitempty"`
}
// An identity that have access to the key vault. All identities in the array must use the same tenant ID as the key
// vault's tenant ID.
type AccessPolicyEntry_ARM struct {
// ApplicationId: Application ID of the client making request on behalf of a principal
ApplicationId *string `json:"applicationId,omitempty" optionalConfigMapPair:"ApplicationId"`
// ObjectId: The object ID of a user, service principal or security group in the Azure Active Directory tenant for the
// vault. The object ID must be unique for the list of access policies.
ObjectId *string `json:"objectId,omitempty" optionalConfigMapPair:"ObjectId"`
// Permissions: Permissions the identity has for keys, secrets and certificates.
Permissions *Permissions_ARM `json:"permissions,omitempty"`
// TenantId: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
TenantId *string `json:"tenantId,omitempty" optionalConfigMapPair:"TenantId"`
}
// A set of rules governing the network accessibility of a vault.
type NetworkRuleSet_ARM struct {
// Bypass: Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the
// default is 'AzureServices'.
Bypass *NetworkRuleSet_Bypass `json:"bypass,omitempty"`
// DefaultAction: The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after
// the bypass property has been evaluated.
DefaultAction *NetworkRuleSet_DefaultAction `json:"defaultAction,omitempty"`
// IpRules: The list of IP address rules.
IpRules []IPRule_ARM `json:"ipRules,omitempty"`
// VirtualNetworkRules: The list of virtual network rules.
VirtualNetworkRules []VirtualNetworkRule_ARM `json:"virtualNetworkRules,omitempty"`
}
// SKU details
type Sku_ARM struct {
// Family: SKU family name
Family *Sku_Family `json:"family,omitempty"`
// Name: SKU name to specify whether the key vault is a standard vault or a premium vault.
Name *Sku_Name `json:"name,omitempty"`
}
// +kubebuilder:validation:Enum={"createOrRecover","default","purgeThenCreate","recover"}
type VaultProperties_CreateMode string
const (
VaultProperties_CreateMode_CreateOrRecover = VaultProperties_CreateMode("createOrRecover")
VaultProperties_CreateMode_Default = VaultProperties_CreateMode("default")
VaultProperties_CreateMode_PurgeThenCreate = VaultProperties_CreateMode("purgeThenCreate")
VaultProperties_CreateMode_Recover = VaultProperties_CreateMode("recover")
)
// Mapping from string to VaultProperties_CreateMode
var vaultProperties_CreateMode_Values = map[string]VaultProperties_CreateMode{
"createorrecover": VaultProperties_CreateMode_CreateOrRecover,
"default": VaultProperties_CreateMode_Default,
"purgethencreate": VaultProperties_CreateMode_PurgeThenCreate,
"recover": VaultProperties_CreateMode_Recover,
}
// +kubebuilder:validation:Enum={"RegisteringDns","Succeeded"}
type VaultProperties_ProvisioningState string
const (
VaultProperties_ProvisioningState_RegisteringDns = VaultProperties_ProvisioningState("RegisteringDns")
VaultProperties_ProvisioningState_Succeeded = VaultProperties_ProvisioningState("Succeeded")
)
// Mapping from string to VaultProperties_ProvisioningState
var vaultProperties_ProvisioningState_Values = map[string]VaultProperties_ProvisioningState{
"registeringdns": VaultProperties_ProvisioningState_RegisteringDns,
"succeeded": VaultProperties_ProvisioningState_Succeeded,
}
// A rule governing the accessibility of a vault from a specific ip address or ip range.
type IPRule_ARM struct {
// Value: An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all
// addresses that start with 124.56.78).
Value *string `json:"value,omitempty"`
}
// +kubebuilder:validation:Enum={"AzureServices","None"}
type NetworkRuleSet_Bypass string
const (
NetworkRuleSet_Bypass_AzureServices = NetworkRuleSet_Bypass("AzureServices")
NetworkRuleSet_Bypass_None = NetworkRuleSet_Bypass("None")
)
// Mapping from string to NetworkRuleSet_Bypass
var networkRuleSet_Bypass_Values = map[string]NetworkRuleSet_Bypass{
"azureservices": NetworkRuleSet_Bypass_AzureServices,
"none": NetworkRuleSet_Bypass_None,
}
// +kubebuilder:validation:Enum={"Allow","Deny"}
type NetworkRuleSet_DefaultAction string
const (
NetworkRuleSet_DefaultAction_Allow = NetworkRuleSet_DefaultAction("Allow")
NetworkRuleSet_DefaultAction_Deny = NetworkRuleSet_DefaultAction("Deny")
)
// Mapping from string to NetworkRuleSet_DefaultAction
var networkRuleSet_DefaultAction_Values = map[string]NetworkRuleSet_DefaultAction{
"allow": NetworkRuleSet_DefaultAction_Allow,
"deny": NetworkRuleSet_DefaultAction_Deny,
}
// Permissions the identity has for keys, secrets, certificates and storage.
type Permissions_ARM struct {
// Certificates: Permissions to certificates
Certificates []Permissions_Certificates `json:"certificates,omitempty"`
// Keys: Permissions to keys
Keys []Permissions_Keys `json:"keys,omitempty"`
// Secrets: Permissions to secrets
Secrets []Permissions_Secrets `json:"secrets,omitempty"`
// Storage: Permissions to storage accounts
Storage []Permissions_Storage `json:"storage,omitempty"`
}
// +kubebuilder:validation:Enum={"A"}
type Sku_Family string
const Sku_Family_A = Sku_Family("A")
// Mapping from string to Sku_Family
var sku_Family_Values = map[string]Sku_Family{
"a": Sku_Family_A,
}
// +kubebuilder:validation:Enum={"premium","standard"}
type Sku_Name string
const (
Sku_Name_Premium = Sku_Name("premium")
Sku_Name_Standard = Sku_Name("standard")
)
// Mapping from string to Sku_Name
var sku_Name_Values = map[string]Sku_Name{
"premium": Sku_Name_Premium,
"standard": Sku_Name_Standard,
}
// A rule governing the accessibility of a vault from a specific virtual network.
type VirtualNetworkRule_ARM struct {
Id *string `json:"id,omitempty"`
// IgnoreMissingVnetServiceEndpoint: Property to specify whether NRP will ignore the check if parent subnet has
// serviceEndpoints configured.
IgnoreMissingVnetServiceEndpoint *bool `json:"ignoreMissingVnetServiceEndpoint,omitempty"`
}
// +kubebuilder:validation:Enum={"all","backup","create","delete","deleteissuers","get","getissuers","import","list","listissuers","managecontacts","manageissuers","purge","recover","restore","setissuers","update"}
type Permissions_Certificates string
const (
Permissions_Certificates_All = Permissions_Certificates("all")
Permissions_Certificates_Backup = Permissions_Certificates("backup")
Permissions_Certificates_Create = Permissions_Certificates("create")
Permissions_Certificates_Delete = Permissions_Certificates("delete")
Permissions_Certificates_Deleteissuers = Permissions_Certificates("deleteissuers")
Permissions_Certificates_Get = Permissions_Certificates("get")
Permissions_Certificates_Getissuers = Permissions_Certificates("getissuers")
Permissions_Certificates_Import = Permissions_Certificates("import")
Permissions_Certificates_List = Permissions_Certificates("list")
Permissions_Certificates_Listissuers = Permissions_Certificates("listissuers")
Permissions_Certificates_Managecontacts = Permissions_Certificates("managecontacts")
Permissions_Certificates_Manageissuers = Permissions_Certificates("manageissuers")
Permissions_Certificates_Purge = Permissions_Certificates("purge")
Permissions_Certificates_Recover = Permissions_Certificates("recover")
Permissions_Certificates_Restore = Permissions_Certificates("restore")
Permissions_Certificates_Setissuers = Permissions_Certificates("setissuers")
Permissions_Certificates_Update = Permissions_Certificates("update")
)
// Mapping from string to Permissions_Certificates
var permissions_Certificates_Values = map[string]Permissions_Certificates{
"all": Permissions_Certificates_All,
"backup": Permissions_Certificates_Backup,
"create": Permissions_Certificates_Create,
"delete": Permissions_Certificates_Delete,
"deleteissuers": Permissions_Certificates_Deleteissuers,
"get": Permissions_Certificates_Get,
"getissuers": Permissions_Certificates_Getissuers,
"import": Permissions_Certificates_Import,
"list": Permissions_Certificates_List,
"listissuers": Permissions_Certificates_Listissuers,
"managecontacts": Permissions_Certificates_Managecontacts,
"manageissuers": Permissions_Certificates_Manageissuers,
"purge": Permissions_Certificates_Purge,
"recover": Permissions_Certificates_Recover,
"restore": Permissions_Certificates_Restore,
"setissuers": Permissions_Certificates_Setissuers,
"update": Permissions_Certificates_Update,
}
// +kubebuilder:validation:Enum={"all","backup","create","decrypt","delete","encrypt","get","getrotationpolicy","import","list","purge","recover","release","restore","rotate","setrotationpolicy","sign","unwrapKey","update","verify","wrapKey"}
type Permissions_Keys string
const (
Permissions_Keys_All = Permissions_Keys("all")
Permissions_Keys_Backup = Permissions_Keys("backup")
Permissions_Keys_Create = Permissions_Keys("create")
Permissions_Keys_Decrypt = Permissions_Keys("decrypt")
Permissions_Keys_Delete = Permissions_Keys("delete")
Permissions_Keys_Encrypt = Permissions_Keys("encrypt")
Permissions_Keys_Get = Permissions_Keys("get")
Permissions_Keys_Getrotationpolicy = Permissions_Keys("getrotationpolicy")
Permissions_Keys_Import = Permissions_Keys("import")
Permissions_Keys_List = Permissions_Keys("list")
Permissions_Keys_Purge = Permissions_Keys("purge")
Permissions_Keys_Recover = Permissions_Keys("recover")
Permissions_Keys_Release = Permissions_Keys("release")
Permissions_Keys_Restore = Permissions_Keys("restore")
Permissions_Keys_Rotate = Permissions_Keys("rotate")
Permissions_Keys_Setrotationpolicy = Permissions_Keys("setrotationpolicy")
Permissions_Keys_Sign = Permissions_Keys("sign")
Permissions_Keys_UnwrapKey = Permissions_Keys("unwrapKey")
Permissions_Keys_Update = Permissions_Keys("update")
Permissions_Keys_Verify = Permissions_Keys("verify")
Permissions_Keys_WrapKey = Permissions_Keys("wrapKey")
)
// Mapping from string to Permissions_Keys
var permissions_Keys_Values = map[string]Permissions_Keys{
"all": Permissions_Keys_All,
"backup": Permissions_Keys_Backup,
"create": Permissions_Keys_Create,
"decrypt": Permissions_Keys_Decrypt,
"delete": Permissions_Keys_Delete,
"encrypt": Permissions_Keys_Encrypt,
"get": Permissions_Keys_Get,
"getrotationpolicy": Permissions_Keys_Getrotationpolicy,
"import": Permissions_Keys_Import,
"list": Permissions_Keys_List,
"purge": Permissions_Keys_Purge,
"recover": Permissions_Keys_Recover,
"release": Permissions_Keys_Release,
"restore": Permissions_Keys_Restore,
"rotate": Permissions_Keys_Rotate,
"setrotationpolicy": Permissions_Keys_Setrotationpolicy,
"sign": Permissions_Keys_Sign,
"unwrapkey": Permissions_Keys_UnwrapKey,
"update": Permissions_Keys_Update,
"verify": Permissions_Keys_Verify,
"wrapkey": Permissions_Keys_WrapKey,
}
// +kubebuilder:validation:Enum={"all","backup","delete","get","list","purge","recover","restore","set"}
type Permissions_Secrets string
const (
Permissions_Secrets_All = Permissions_Secrets("all")
Permissions_Secrets_Backup = Permissions_Secrets("backup")
Permissions_Secrets_Delete = Permissions_Secrets("delete")
Permissions_Secrets_Get = Permissions_Secrets("get")
Permissions_Secrets_List = Permissions_Secrets("list")
Permissions_Secrets_Purge = Permissions_Secrets("purge")
Permissions_Secrets_Recover = Permissions_Secrets("recover")
Permissions_Secrets_Restore = Permissions_Secrets("restore")
Permissions_Secrets_Set = Permissions_Secrets("set")
)
// Mapping from string to Permissions_Secrets
var permissions_Secrets_Values = map[string]Permissions_Secrets{
"all": Permissions_Secrets_All,
"backup": Permissions_Secrets_Backup,
"delete": Permissions_Secrets_Delete,
"get": Permissions_Secrets_Get,
"list": Permissions_Secrets_List,
"purge": Permissions_Secrets_Purge,
"recover": Permissions_Secrets_Recover,
"restore": Permissions_Secrets_Restore,
"set": Permissions_Secrets_Set,
}
// +kubebuilder:validation:Enum={"all","backup","delete","deletesas","get","getsas","list","listsas","purge","recover","regeneratekey","restore","set","setsas","update"}
type Permissions_Storage string
const (
Permissions_Storage_All = Permissions_Storage("all")
Permissions_Storage_Backup = Permissions_Storage("backup")
Permissions_Storage_Delete = Permissions_Storage("delete")
Permissions_Storage_Deletesas = Permissions_Storage("deletesas")
Permissions_Storage_Get = Permissions_Storage("get")
Permissions_Storage_Getsas = Permissions_Storage("getsas")
Permissions_Storage_List = Permissions_Storage("list")
Permissions_Storage_Listsas = Permissions_Storage("listsas")
Permissions_Storage_Purge = Permissions_Storage("purge")
Permissions_Storage_Recover = Permissions_Storage("recover")
Permissions_Storage_Regeneratekey = Permissions_Storage("regeneratekey")
Permissions_Storage_Restore = Permissions_Storage("restore")
Permissions_Storage_Set = Permissions_Storage("set")
Permissions_Storage_Setsas = Permissions_Storage("setsas")
Permissions_Storage_Update = Permissions_Storage("update")
)
// Mapping from string to Permissions_Storage
var permissions_Storage_Values = map[string]Permissions_Storage{
"all": Permissions_Storage_All,
"backup": Permissions_Storage_Backup,
"delete": Permissions_Storage_Delete,
"deletesas": Permissions_Storage_Deletesas,
"get": Permissions_Storage_Get,
"getsas": Permissions_Storage_Getsas,
"list": Permissions_Storage_List,
"listsas": Permissions_Storage_Listsas,
"purge": Permissions_Storage_Purge,
"recover": Permissions_Storage_Recover,
"regeneratekey": Permissions_Storage_Regeneratekey,
"restore": Permissions_Storage_Restore,
"set": Permissions_Storage_Set,
"setsas": Permissions_Storage_Setsas,
"update": Permissions_Storage_Update,
}